
Pests of all kinds and how to combat them: Win7 (x64) infected with 'Registry Helper' etc.


21.03.2014, 09:23   #1
Manu3l
 

Hello everyone,

four days ago I downloaded a text-recognition program via chip.de. Unfortunately, the three programs mentioned above came along with it. I was stupidly inattentive and now I'm in a mess. Among other things, double-underlined words appear in the browser, a small window after startup claims there are 268 malware findings, and Firefox always opens snapdo in new tabs.

So far I have done the following: virus scan with Avira Antivir, no findings. After coming across this forum, I ran FRST.

Unfortunately I don't have any log files from the antivirus scan.

It would be great if you could help me clean my computer of this. Thanks in advance!


Here are the log files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Frida (administrator) on GERD on 21-03-2014 09:11:51
Running from C:\Users\Frida\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeApp Software, LLC) C:\Program Files (x86)\Computer Updater\ComputerUp-daterService.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
() C:\Program Files (x86)\LPT\srpts.exe
(SafeApp Software, LLC) C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\V-bates\ExtensionUpdaterService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files (x86)\LPT\srptm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SafeApp Software, LLC) C:\Program Files (x86)\Computer Updater\ComputerUp-dater.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5879608 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Computer Updater] - C:\Program Files (x86)\Computer Updater\ComputerUp-dater.Exe [3483992 2014-01-26] (SafeApp Software, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\Run: [Browser Infrastructure Helper] - C:\Users\Frida\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-02] (Smartbar)
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {c854fa97-aeda-11df-8356-78dd08b459fd} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {f47ad795-64ac-11df-ad90-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFmJIEAlT5ofs1XLgVMr5rgtdYVom0s9QoGWhvJ_z7_y2S8EtEJbU1nQce1T-vWg,,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q={searchTerms}
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll ()
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982
FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFnoealWh_nTCd2c4h3K7CkiQqZKF_djniKQFNJy8ucspcn2wvnRtjGq94pkbPXg,,
FF Homepage: about:home
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFlFDKiT3xhDft_KFO5bzPgzPrEi5uRHMwWico8GwVNqHoGf87wJCDRdMOfH0CGA,,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011-02-17]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-03-17]

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFmJIEAlT5ofs1XLgVMr5rgtdYVom0s9QoGWhvJ_z7_y2S8EtEJbU1nQce1T-vWg,,
CHR Extension: (AdBlock) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-11]
CHR Extension: (V-bates) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-03-17]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-10] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 ComputerUpdater Service; C:\Program Files (x86)\Computer Updater\ComputerUp-daterService.exe [88424 2014-01-26] (SafeApp Software, LLC)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [35872 2014-03-02] ()
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 Registry Helper Service; C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe [84328 2014-01-26] (SafeApp Software, LLC)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited)
R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-02-26] ()
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-04] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-04] (DiBcom S.A.)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225792 2009-09-30] (Realtek Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-05-12] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 09:11 - 2014-03-21 09:14 - 00021095 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-21 09:11 - 2014-03-21 09:11 - 00000000 ____D () C:\FRST
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-19 19:11 - 2014-03-21 08:54 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-03-19 16:55 - 2014-03-21 08:54 - 00000000 ____D () C:\ProgramData\Computer Updater
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:04 - 2014-03-18 20:05 - 01398290 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:58 - 2014-03-18 18:59 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:49 - 2014-03-18 18:49 - 00001074 _____ () C:\Users\Public\Desktop\Computer Updater.lnk
2014-03-18 18:48 - 2014-03-18 18:49 - 00000000 ____D () C:\Program Files (x86)\Computer Updater
2014-03-18 18:46 - 2014-03-18 18:47 - 00000000 ____D () C:\Program Files (x86)\Registry Helper
2014-03-18 18:45 - 2014-03-18 18:45 - 06999200 _____ () C:\Users\Frida\Downloads\registryhelpersetup.exe
2014-03-18 18:33 - 2014-03-18 18:37 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-18 18:32 - 2014-03-18 18:33 - 00000000 ____D () C:\Users\Frida\AppData\Local\Smartbar
2014-03-18 18:32 - 2014-03-18 18:32 - 00000000 ____D () C:\Users\Frida\AppData\Local\LPT
2014-03-18 18:31 - 2014-03-18 18:31 - 00001169 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\ProgramData\Activeris
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-03-18 18:31 - 2012-09-26 19:03 - 00020480 _____ () C:\Windows\system32\acrisnative64.exe
2014-03-18 18:28 - 2014-03-18 18:29 - 00414625 _____ ( ) C:\Users\Frida\Downloads\freeocr422.exe
2014-03-18 18:16 - 2014-03-21 08:50 - 00000448 _____ () C:\Windows\setupact.log
2014-03-18 18:16 - 2014-03-18 18:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-17 14:50 - 2014-03-17 15:08 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 12:56 - 2014-03-17 13:01 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 11:06 - 2014-03-17 11:12 - 00000000 ____D () C:\FreeOCR
2014-03-17 11:06 - 2007-03-10 09:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx
2014-03-17 11:04 - 2014-03-17 11:04 - 00000000 ____D () C:\Program Files\V-bates
2014-03-16 23:55 - 2014-03-17 01:09 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:36 - 2004-08-09 02:11 - 731179008 _____ () C:\Users\Frida\Desktop\buffalo 66.avi
2014-03-16 12:01 - 2014-03-16 12:13 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-09 19:01 - 2014-03-10 19:44 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files (x86)\One-click FLAC to MP3 Converter
2014-03-03 21:11 - 2014-03-03 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-23 17:35 - 2014-03-03 12:38 - 00000000 ____D () C:\Users\Frida\Desktop\kud

==================== One Month Modified Files and Folders =======

2014-03-21 09:14 - 2014-03-21 09:11 - 00021095 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-21 09:11 - 2014-03-21 09:11 - 00000000 ____D () C:\FRST
2014-03-21 09:09 - 2011-07-09 11:56 - 00000000 ___RD () C:\Users\Frida\Dropbox
2014-03-21 09:09 - 2011-07-09 11:50 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Dropbox
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-21 09:08 - 2010-08-03 10:44 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D54DD03E-3945-4937-9347-752F8D557CFB}
2014-03-21 09:06 - 2010-10-14 16:48 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 09:03 - 2011-05-18 19:27 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-21 08:59 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 08:59 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 08:54 - 2014-03-19 19:11 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-03-21 08:54 - 2014-03-19 16:55 - 00000000 ____D () C:\ProgramData\Computer Updater
2014-03-21 08:53 - 2010-10-14 16:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 08:50 - 2014-03-18 18:16 - 00000448 _____ () C:\Windows\setupact.log
2014-03-21 08:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 02:50 - 2010-05-21 08:50 - 01991796 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 02:26 - 2013-10-05 10:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 17:15 - 2011-05-18 19:27 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-19 17:14 - 2011-05-18 19:27 - 00003484 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-19 16:51 - 2012-04-26 07:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:35 - 2010-08-03 22:57 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\vlc
2014-03-18 20:05 - 2014-03-18 20:04 - 01398290 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:59 - 2014-03-18 18:58 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:49 - 2014-03-18 18:49 - 00001074 _____ () C:\Users\Public\Desktop\Computer Updater.lnk
2014-03-18 18:49 - 2014-03-18 18:48 - 00000000 ____D () C:\Program Files (x86)\Computer Updater
2014-03-18 18:47 - 2014-03-18 18:46 - 00000000 ____D () C:\Program Files (x86)\Registry Helper
2014-03-18 18:45 - 2014-03-18 18:45 - 06999200 _____ () C:\Users\Frida\Downloads\registryhelpersetup.exe
2014-03-18 18:37 - 2014-03-18 18:33 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-18 18:33 - 2014-03-18 18:32 - 00000000 ____D () C:\Users\Frida\AppData\Local\Smartbar
2014-03-18 18:32 - 2014-03-18 18:32 - 00000000 ____D () C:\Users\Frida\AppData\Local\LPT
2014-03-18 18:31 - 2014-03-18 18:31 - 00001169 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\ProgramData\Activeris
2014-03-18 18:31 - 2014-03-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-03-18 18:29 - 2014-03-18 18:28 - 00414625 _____ ( ) C:\Users\Frida\Downloads\freeocr422.exe
2014-03-18 18:16 - 2014-03-18 18:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-18 18:10 - 2010-08-23 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 15:08 - 2014-03-17 14:50 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 13:01 - 2014-03-17 12:56 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 11:12 - 2014-03-17 11:06 - 00000000 ____D () C:\FreeOCR
2014-03-17 11:04 - 2014-03-17 11:04 - 00000000 ____D () C:\Program Files\V-bates
2014-03-17 01:09 - 2014-03-16 23:55 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-17 01:08 - 2010-12-06 19:54 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Skype
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:17 - 2010-05-21 18:36 - 00753340 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 19:17 - 2010-05-21 18:36 - 00171160 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 19:17 - 2009-07-14 06:13 - 01758600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 18:35 - 2013-10-04 13:55 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-16 12:13 - 2014-03-16 12:01 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-15 14:39 - 2013-04-01 19:49 - 00000000 ____D () C:\Users\Frida\Documents\Teaser Produktion
2014-03-12 19:26 - 2013-10-05 10:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:26 - 2012-06-11 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:26 - 2011-05-24 17:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 19:44 - 2014-03-09 19:01 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-10 12:03 - 2010-12-03 12:21 - 00000000 ____D () C:\Users\Frida\Documents\Schriften
2014-03-10 11:46 - 2014-02-10 11:17 - 00000000 ____D () C:\Users\Frida\Desktop\cs2
2014-03-10 10:59 - 2009-07-14 05:45 - 05100936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 17:08 - 2010-08-03 09:09 - 00128080 _____ () C:\Users\Frida\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files (x86)\One-click FLAC to MP3 Converter
2014-03-05 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-03 23:25 - 2014-01-26 19:06 - 00000000 ____D () C:\Users\Frida\Desktop\Neuer Ordner
2014-03-03 21:14 - 2014-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-03 12:38 - 2014-02-23 17:35 - 00000000 ____D () C:\Users\Frida\Desktop\kud
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:31 - 2010-05-21 09:40 - 01736622 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-27 21:05 - 2011-05-18 19:27 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-26 21:47 - 2011-05-18 19:27 - 00004224 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-02-25 19:24 - 2011-02-17 13:38 - 00000000 ____D () C:\Users\Frida\Documents\Citavi 3
2014-02-24 18:11 - 2010-12-25 16:33 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreePDF_XP
2014-02-24 11:21 - 2010-08-03 11:21 - 00000000 ____D () C:\Users\Frida\Documents\UNI
2014-02-23 13:08 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Frida\Documents\Projekt CANADA
2014-02-19 17:01 - 2010-10-14 16:48 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 17:01 - 2010-10-14 16:48 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Frida\AppData\Local\Temp\avgnt.exe
C:\Users\Frida\AppData\Local\Temp\ComputerUpdaterSetupCB_1_0_5.exe
C:\Users\Frida\AppData\Local\Temp\DiskCleanerSetupCB_2_1_0.exe
C:\Users\Frida\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 01:41

==================== End Of Log ============================
         
--- --- ---



Here is the Addition as well

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Frida at 2014-03-21 09:15:25
Running from C:\Users\Frida\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-115C (HKLM-x32\...\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Business Contact Manager für Outlook 2007 SP1 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (x32 Version: 3.0.7311.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cinergy HT USB XE V3.12.00.00a (HKLM-x32\...\Cinergy HT USB XE) (Version: 3.12.00.00a - )
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.0.3.0 - Swiss Academic Software)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Computer Updater  (HKLM-x32\...\Computer Updater) (Version:  - SafeApp Software, LLC)
Conexant 20582 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.61 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
f4 2012 (HKLM-x32\...\f42012) (Version:  - audiotranskription.de)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version:  - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.5 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.5 - Silicon Motion)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JOSM (HKCU\...\JOSM) (Version:  - OpenStreetMap)
Juniper Networks Network Connect 6.4.0 (HKLM-x32\...\Juniper Network Connect 6.4.0) (Version: 6.4.0.16245 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM-x32\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.0.0.3 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.023.0 - Lenovo)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
MAXQDA 10 (R250212) (HKLM-x32\...\MAXQDA10) (Version: (R250212) - VERBI Software.Consult.Sozialforschung GmbH)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{F68310EC-B615-4044-B7D7-1A6349758D42}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
One-click FLAC to MP3 Converter (HKLM-x32\...\{C438FF68-F2F2-4322-A8C4-A66721795B73}) (Version: 4.3.0 - Streamware Development)
One-click FLAC to MP3 Converter (x64 add-on) (HKLM\...\{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}) (Version: 4.3.0 - Streamware Development)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.199.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quantum GIS Wroclaw 1.7.2 Wroclaw (HKLM-x32\...\Quantum GIS Wroclaw) (Version: 1.7.2-r67330-1 - QGIS Development Team)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30106 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Helper  (HKLM-x32\...\Registry Helper) (Version:  - SafeApp Software, LLC) <==== ATTENTION
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Scribus 1.4.2 (HKLM-x32\...\Scribus 1.4.2) (Version: 1.4.2 - The Scribus Team)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Skype™ 5.3 (HKLM-x32\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{A4ED8988-A037-462D-A646-CD3304087062}) (Version: 10.211.1.15575 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{9d6c3db8-56b6-46ea-9c3a-6e294188105c}) (Version: 10.211.1.15575 - ReSoft Ltd.) <==== ATTENTION
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.15.11 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.25 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.61 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

20-03-2014 00:49:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-01 12:19 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12561A61-99D8-4CF9-8720-CE38A4A114DB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {361DAC20-0700-4C84-BC36-EEEBBB7AF7A4} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {72EC84DC-7D2E-45A7-B0A2-E4F0B60C3BCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {732917FE-E3A6-46B7-AEE2-CFCD4109FEAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {828947B6-AA68-4789-8059-E82F6CE67BAA} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {87FD1FA0-F5C5-4489-95F8-028DE97E6B54} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {880F4307-7766-40FD-820E-1661E8406B32} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {8D30982F-053B-4F8B-9CA1-A7B90FD1633C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {AEB8969C-3B13-4489-8CDE-9B66EA576418} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {B427BDCA-209C-4973-B17F-C9F2CE2D7D83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E33C4698-A2B4-465F-A42C-780D8AC2CFA2} - System32\Tasks\{02307617-CFBF-49E9-87F0-E0E78B3F036F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {FFBF2014-62AC-44ED-98CE-6DE708FD12BE} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-10-25 22:35 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00035872 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-03-17 11:04 - 2014-02-26 15:31 - 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe
2014-03-02 14:11 - 2014-03-02 14:11 - 00023072 _____ () C:\Program Files (x86)\LPT\srptm.exe
2010-05-21 09:03 - 2010-05-12 02:25 - 00047616 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 _____ () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2013-03-31 11:33 - 2013-03-31 11:29 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-03-01 10:13 - 2010-03-01 10:13 - 00020480 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACNewBiosHelper.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00072224 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00023072 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00056352 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00060960 _____ () C:\Program Files (x86)\LPT\sppsm.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00154656 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00026656 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00165408 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00043552 _____ () C:\Program Files (x86)\LPT\srbu.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00024608 _____ () C:\Program Files (x86)\LPT\srpdm.dll
2014-03-02 14:11 - 2014-03-02 14:11 - 00036896 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
2014-03-18 18:31 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll
2014-03-18 18:31 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Frida\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-18 22:21 - 2014-03-18 22:21 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Frida\Desktop\buffalo 66.avi:AFP_Resource

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files (x86)\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 09:03:14 AM) (Source: PC-Doctor) (User: )
Description: (4740) Asapi: (09:03:14:5640)(4740) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317

Error: (03/21/2014 08:50:55 AM) (Source: Registry Helper Service) (User: )
Description: Error: Service started

Error: (03/21/2014 08:50:50 AM) (Source: ComputerUpdater Service) (User: )
Description: Error: Service started

Error: (03/20/2014 02:19:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/20/2014 02:14:30 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/20/2014 01:49:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/20/2014 01:44:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/19/2014 07:09:28 PM) (Source: Registry Helper Service) (User: )
Description: Error: Service started

Error: (03/19/2014 07:09:15 PM) (Source: ComputerUpdater Service) (User: )
Description: Error: Service started

Error: (03/19/2014 05:14:31 PM) (Source: PC-Doctor) (User: )
Description: (496) Asapi: (17:14:31:0590)(496) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317


System errors:
=============
Error: (03/21/2014 08:51:37 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/21/2014 08:50:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/19/2014 07:11:40 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/19/2014 07:09:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/19/2014 07:08:50 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎19.‎03.‎2014 um 18:51:54 unerwartet heruntergefahren.

Error: (03/19/2014 04:52:45 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/19/2014 04:52:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/18/2014 10:07:17 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (03/18/2014 06:50:29 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Registry Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/18/2014 06:32:36 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Search Protect by Conduit Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (06/09/2011 02:22:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2989 seconds with 2580 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 1912.87 MB
Available physical RAM: 424.37 MB
Total Pagefile: 3825.73 MB
Available Pagefile: 1697.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:21.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FD380F2A)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Edited by Manu3l (21.03.2014 at 09:29)

Alt 21.03.2014, 10:02   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION

Also let Revo remove the leftovers, using Moderate mode.




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Alt 21.03.2014, 18:29   #3
Manu3l
 



Hello Schrauber,

Thanks a lot for the quick reply! I forgot to mention that I also have the programs Activeris AntiMalware and Computer Updater on the machine. (I had put that in the title, and the site did not accept it.) Then I forgot to mention it again. Should I uninstall these programs with Revo as well?

In any case, I have now uninstalled the following entries with Revo:

Registry Helper (HKLM-x32\...\Registry Helper) (Version: - SafeApp Software, LLC) <==== ATTENTION
Snap.Do (HKLM-x32\...\{A4ED8988-A037-462D-A646-CD3304087062}) (Version: 10.211.1.15575 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{9d6c3db8-56b6-46ea-9c3a-6e294188105c}) (Version: 10.211.1.15575 - ReSoft Ltd.) <==== ATTENTION

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION -------> here it first said that the uninstall had failed, then Revo did find entries in the registry after all, which I then deleted. Is that OK?!

The following entries were not listed by Revo:
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION

How do I proceed from here?

Hello,

I have now carried out the steps you gave me. However, the log files contain too many characters, so here is only the FRST log.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Frida (administrator) on GERD on 21-03-2014 17:00:37
Running from C:\Users\Frida\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5879608 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {c854fa97-aeda-11df-8356-78dd08b459fd} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {f47ad795-64ac-11df-ad90-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Adblock Plus - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\10ly96bs.default-1391872834982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011-02-17]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
    ],
    "restore_on_startup_migrated": true,
    "startup_urls": [
      "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFmJIEAlT5ofs1XLgVMr5rgtdYVom0s9QoGWhvJ_z7_y2S8EtEJbU1nQce1T-vWQ,,"
    ],
    "restore_on_startup"
CHR Extension: (AdBlock) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-11]
CHR Extension: (V-bates) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-03-17]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-10] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-04] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-04] (DiBcom S.A.)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225792 2009-09-30] (Realtek Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-05-12] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 17:00 - 2014-03-21 17:02 - 00016694 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-21 16:54 - 2014-03-21 16:54 - 00000770 _____ () C:\Users\Frida\Desktop\JRT.txt
2014-03-21 16:38 - 2014-03-21 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 16:30 - 2014-03-21 16:30 - 00007835 _____ () C:\Users\Frida\Desktop\AdwCleaner[S0].txt
2014-03-21 16:19 - 2014-03-21 16:24 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:18 - 2014-03-21 16:18 - 01037734 _____ (Thisisu) C:\Users\Frida\Desktop\JRT.exe
2014-03-21 15:10 - 2014-03-21 15:10 - 00327160 _____ () C:\Windows\PFRO.log
2014-03-21 14:44 - 2014-03-21 14:44 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 14:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-21 14:04 - 2014-03-21 16:26 - 00000224 _____ () C:\Windows\setupact.log
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 10:19 - 2014-03-21 10:19 - 01950720 _____ () C:\Users\Frida\Desktop\adwcleaner.exe
2014-03-21 10:17 - 2014-03-21 10:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Frida\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 10:13 - 2014-03-21 10:13 - 00001275 _____ () C:\Users\Frida\Desktop\Revo Uninstaller.lnk
2014-03-21 10:13 - 2014-03-21 10:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 10:11 - 2014-03-21 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frida\Desktop\revosetup95.exe
2014-03-21 09:11 - 2014-03-21 17:00 - 00000000 ____D () C:\FRST
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:04 - 2014-03-18 20:05 - 01398290 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:58 - 2014-03-18 18:59 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:31 - 2014-03-21 14:24 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-17 14:50 - 2014-03-17 15:08 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 12:56 - 2014-03-17 13:01 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 11:06 - 2007-03-10 09:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx
2014-03-16 23:55 - 2014-03-17 01:09 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:36 - 2004-08-09 02:11 - 731179008 _____ () C:\Users\Frida\Desktop\buffalo 66.avi
2014-03-16 12:01 - 2014-03-16 12:13 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-09 19:01 - 2014-03-10 19:44 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-03 21:11 - 2014-03-03 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-23 17:35 - 2014-03-03 12:38 - 00000000 ____D () C:\Users\Frida\Desktop\kud

==================== One Month Modified Files and Folders =======

2014-03-21 17:02 - 2014-03-21 17:00 - 00016694 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-21 17:00 - 2014-03-21 09:11 - 00000000 ____D () C:\FRST
2014-03-21 16:54 - 2014-03-21 16:54 - 00000770 _____ () C:\Users\Frida\Desktop\JRT.txt
2014-03-21 16:38 - 2014-03-21 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 16:36 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 16:36 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 16:35 - 2010-05-21 08:50 - 02041414 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 16:30 - 2014-03-21 16:30 - 00007835 _____ () C:\Users\Frida\Desktop\AdwCleaner[S0].txt
2014-03-21 16:27 - 2011-07-09 11:56 - 00000000 ___RD () C:\Users\Frida\Dropbox
2014-03-21 16:27 - 2011-07-09 11:50 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Dropbox
2014-03-21 16:26 - 2014-03-21 14:04 - 00000224 _____ () C:\Windows\setupact.log
2014-03-21 16:26 - 2010-10-14 16:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 16:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 16:24 - 2014-03-21 16:19 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:18 - 2014-03-21 16:18 - 01037734 _____ (Thisisu) C:\Users\Frida\Desktop\JRT.exe
2014-03-21 16:16 - 2014-01-26 19:06 - 00000000 ____D () C:\Users\Frida\Desktop\Neuer Ordner
2014-03-21 16:11 - 2010-10-14 16:48 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 15:26 - 2013-10-05 10:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 15:10 - 2014-03-21 15:10 - 00327160 _____ () C:\Windows\PFRO.log
2014-03-21 14:44 - 2014-03-21 14:44 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 14:24 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 14:04 - 2011-05-18 19:27 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-21 10:19 - 2014-03-21 10:19 - 01950720 _____ () C:\Users\Frida\Desktop\adwcleaner.exe
2014-03-21 10:17 - 2014-03-21 10:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Frida\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 10:13 - 2014-03-21 10:13 - 00001275 _____ () C:\Users\Frida\Desktop\Revo Uninstaller.lnk
2014-03-21 10:13 - 2014-03-21 10:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 10:11 - 2014-03-21 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frida\Desktop\revosetup95.exe
2014-03-21 09:17 - 2011-05-18 19:27 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-21 09:16 - 2011-05-18 19:27 - 00003484 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-21 09:08 - 2010-08-03 10:44 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D54DD03E-3945-4937-9347-752F8D557CFB}
2014-03-19 16:51 - 2012-04-26 07:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 22:21 - 2014-03-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 20:35 - 2010-08-03 22:57 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\vlc
2014-03-18 20:05 - 2014-03-18 20:04 - 01398290 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:59 - 2014-03-18 18:58 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-18 18:10 - 2010-08-23 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 15:08 - 2014-03-17 14:50 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 13:01 - 2014-03-17 12:56 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 01:09 - 2014-03-16 23:55 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-17 01:08 - 2010-12-06 19:54 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Skype
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:17 - 2010-05-21 18:36 - 00753340 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 19:17 - 2010-05-21 18:36 - 00171160 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 19:17 - 2009-07-14 06:13 - 01758600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 18:35 - 2013-10-04 13:55 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-16 12:13 - 2014-03-16 12:01 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-15 14:39 - 2013-04-01 19:49 - 00000000 ____D () C:\Users\Frida\Documents\Teaser Produktion
2014-03-12 19:26 - 2013-10-05 10:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:26 - 2012-06-11 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:26 - 2011-05-24 17:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 19:44 - 2014-03-09 19:01 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-10 12:03 - 2010-12-03 12:21 - 00000000 ____D () C:\Users\Frida\Documents\Schriften
2014-03-10 11:46 - 2014-02-10 11:17 - 00000000 ____D () C:\Users\Frida\Desktop\cs2
2014-03-10 10:59 - 2009-07-14 05:45 - 05100936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 17:08 - 2010-08-03 09:09 - 00128080 _____ () C:\Users\Frida\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-05 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-03 21:14 - 2014-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-03 12:38 - 2014-02-23 17:35 - 00000000 ____D () C:\Users\Frida\Desktop\kud
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:31 - 2010-05-21 09:40 - 01736622 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-27 21:05 - 2011-05-18 19:27 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-26 21:47 - 2011-05-18 19:27 - 00004224 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-02-25 19:24 - 2011-02-17 13:38 - 00000000 ____D () C:\Users\Frida\Documents\Citavi 3
2014-02-24 18:11 - 2010-12-25 16:33 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreePDF_XP
2014-02-24 11:21 - 2010-08-03 11:21 - 00000000 ____D () C:\Users\Frida\Documents\UNI
2014-02-23 13:08 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Frida\Documents\Projekt CANADA
2014-02-19 17:01 - 2010-10-14 16:48 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 17:01 - 2010-10-14 16:48 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Frida\AppData\Local\Temp\avgnt.exe
C:\Users\Frida\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 01:41

==================== End Of Log ============================
         


And here is the Addition log as well:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Frida at 2014-03-21 17:03:32
Running from C:\Users\Frida\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-115C (HKLM-x32\...\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Business Contact Manager für Outlook 2007 SP1 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (x32 Version: 3.0.7311.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cinergy HT USB XE V3.12.00.00a (HKLM-x32\...\Cinergy HT USB XE) (Version: 3.12.00.00a - )
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.0.3.0 - Swiss Academic Software)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20582 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.61 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
f4 2012 (HKLM-x32\...\f42012) (Version:  - audiotranskription.de)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version:  - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.5 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.5 - Silicon Motion)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JOSM (HKCU\...\JOSM) (Version:  - OpenStreetMap)
Juniper Networks Network Connect 6.4.0 (HKLM-x32\...\Juniper Network Connect 6.4.0) (Version: 6.4.0.16245 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM-x32\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.0.0.3 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.023.0 - Lenovo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MAXQDA 10 (R250212) (HKLM-x32\...\MAXQDA10) (Version: (R250212) - VERBI Software.Consult.Sozialforschung GmbH)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{F68310EC-B615-4044-B7D7-1A6349758D42}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
One-click FLAC to MP3 Converter (x64 add-on) (HKLM\...\{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}) (Version: 4.3.0 - Streamware Development)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.199.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quantum GIS Wroclaw 1.7.2 Wroclaw (HKLM-x32\...\Quantum GIS Wroclaw) (Version: 1.7.2-r67330-1 - QGIS Development Team)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30106 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scribus 1.4.2 (HKLM-x32\...\Scribus 1.4.2) (Version: 1.4.2 - The Scribus Team)
Skype™ 5.3 (HKLM-x32\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.15.11 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.25 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.61 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

20-03-2014 00:49:41 Geplanter Prüfpunkt
21-03-2014 09:17:18 Revo Uninstaller's restore point - Snap.Do
21-03-2014 09:22:56 Revo Uninstaller's restore point - Snap.Do Engine
21-03-2014 09:24:20 Revo Uninstaller's restore point - Search Protect
21-03-2014 09:28:27 Revo Uninstaller's restore point - Registry Helper 
21-03-2014 09:56:27 Revo Uninstaller's restore point - One-click FLAC to MP3 Converter
21-03-2014 09:56:55 Removed One-click FLAC to MP3 Converter
21-03-2014 09:58:06 Revo Uninstaller's restore point - FreeOCR v4.2
21-03-2014 13:22:59 Revo Uninstaller's restore point - Activeris AntiMalware
21-03-2014 13:27:14 Revo Uninstaller's restore point - Computer Updater 

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-01 12:19 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12561A61-99D8-4CF9-8720-CE38A4A114DB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {361DAC20-0700-4C84-BC36-EEEBBB7AF7A4} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {72EC84DC-7D2E-45A7-B0A2-E4F0B60C3BCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {732917FE-E3A6-46B7-AEE2-CFCD4109FEAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {828947B6-AA68-4789-8059-E82F6CE67BAA} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {87FD1FA0-F5C5-4489-95F8-028DE97E6B54} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {880F4307-7766-40FD-820E-1661E8406B32} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {8D30982F-053B-4F8B-9CA1-A7B90FD1633C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {AEB8969C-3B13-4489-8CDE-9B66EA576418} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {B427BDCA-209C-4973-B17F-C9F2CE2D7D83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E33C4698-A2B4-465F-A42C-780D8AC2CFA2} - System32\Tasks\{02307617-CFBF-49E9-87F0-E0E78B3F036F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-10-25 22:35 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 _____ () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2013-03-31 11:33 - 2013-03-31 11:29 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-03-01 10:13 - 2010-03-01 10:13 - 00020480 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACNewBiosHelper.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Frida\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Frida\Desktop\buffalo 66.avi:AFP_Resource

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files (x86)\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/09/2011 02:22:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2989 seconds with 2580 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 1912.87 MB
Available physical RAM: 722.02 MB
Total Pagefile: 3825.73 MB
Available Pagefile: 2252.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:21.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: FD380F2A)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Should I then pack the others into an archive? It was said that this should only be done when explicitly requested.

Thanks so far!
__________________

22.03.2014, 17:40   #4
schrauber
/// the machine
/// TB instructor
 


Yes, you can uninstall those too.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.03.2014, 01:29   #5
Manu3l
 

Hello Schrauber,

Everything seems fine so far. Here are the logs. Please give me a quick OK if everything is fine, so that I can be completely reassured.

Thanks already for the great support!

I can then simply remove the programs again, since there is no further need for them, right?

Here are the logs

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c3bf0af9f5b13f40a12038eaf8c009ba
# engine=17567
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 08:49:25
# local_time=2014-03-23 09:49:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 21325 30882341 14039 0
# compatibility_mode=5893 16776573 100 94 17301 147237615 0 0
# scanned=268884
# found=0
# cleaned=0
# scan_time=16055
         
Code:
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64   
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 31  
 Java 7 Update 51  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Mozilla Thunderbird (24.3.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Frida (administrator) on GERD on 24-03-2014 01:21:39
Running from C:\Users\Frida\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5879608 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {c854fa97-aeda-11df-8356-78dd08b459fd} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3555803482-773397576-744118989-1003\...\MountPoints2: {f47ad795-64ac-11df-ad90-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frida\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\192ygp2y.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\192ygp2y.default\Extensions\ich@maltegoetz.de [2014-03-21]
FF Extension: NoScript - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\192ygp2y.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]
FF Extension: Adblock Plus - C:\Users\Frida\AppData\Roaming\Mozilla\Firefox\Profiles\192ygp2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011-02-17]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
    ],
    "restore_on_startup_migrated": true,
    "startup_urls": [
      "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKT42zm_0PKUNlGehSL1rm7hs7wRcbgJ_Xy_vnyk_RqyHVMf7gnrBMBQrQRX-CrfTYFmJIEAlT5ofs1XLgVMr5rgtdYVom0s9QoGWhvJ_z7_y2S8EtEJbU1nQce1T-vWQ,,"
    ],
    "restore_on_startup"
CHR Extension: (AdBlock) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-11]
CHR Extension: (V-bates) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-03-17]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-10] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [631360 2009-11-04] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [23744 2009-11-04] (DiBcom S.A.)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225792 2009-09-30] (Realtek Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-05-12] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-24 01:15 - 2014-03-24 01:15 - 00001177 _____ () C:\Users\Frida\Desktop\checkup.txt
2014-03-23 17:15 - 2014-03-23 17:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-23 17:12 - 2014-03-23 17:12 - 00987442 _____ () C:\Users\Frida\Desktop\SecurityCheck.exe
2014-03-23 17:05 - 2014-03-23 17:06 - 02347384 _____ (ESET) C:\Users\Frida\Desktop\esetsmartinstaller_enu.exe
2014-03-21 18:50 - 2014-03-21 18:50 - 01169371 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-21 18:08 - 2014-03-21 18:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 17:55 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-21 17:55 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-21 17:55 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-21 17:55 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-21 17:54 - 2014-03-21 17:55 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-21 17:38 - 2014-03-21 17:38 - 25032080 _____ (Mozilla) C:\Users\Frida\Downloads\Firefox Setup 28.0.exe
2014-03-21 17:03 - 2014-03-21 17:04 - 00027197 _____ () C:\Users\Frida\Desktop\Addition.txt
2014-03-21 17:00 - 2014-03-24 01:21 - 00016204 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-21 16:54 - 2014-03-21 16:54 - 00000770 _____ () C:\Users\Frida\Desktop\JRT.txt
2014-03-21 16:38 - 2014-03-21 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 16:30 - 2014-03-21 16:30 - 00007835 _____ () C:\Users\Frida\Desktop\AdwCleaner[S0].txt
2014-03-21 16:19 - 2014-03-21 16:24 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:18 - 2014-03-21 16:18 - 01037734 _____ (Thisisu) C:\Users\Frida\Desktop\JRT.exe
2014-03-21 15:10 - 2014-03-21 15:10 - 00327160 _____ () C:\Windows\PFRO.log
2014-03-21 14:44 - 2014-03-21 14:44 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 14:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-21 14:04 - 2014-03-24 01:22 - 00000616 _____ () C:\Windows\setupact.log
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 10:19 - 2014-03-21 10:19 - 01950720 _____ () C:\Users\Frida\Desktop\adwcleaner.exe
2014-03-21 10:17 - 2014-03-21 10:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Frida\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 10:13 - 2014-03-21 10:13 - 00001275 _____ () C:\Users\Frida\Desktop\Revo Uninstaller.lnk
2014-03-21 10:13 - 2014-03-21 10:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 10:11 - 2014-03-21 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frida\Desktop\revosetup95.exe
2014-03-21 09:11 - 2014-03-24 01:21 - 00000000 ____D () C:\FRST
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:58 - 2014-03-18 18:59 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:31 - 2014-03-21 14:24 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-17 14:50 - 2014-03-17 15:08 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 12:56 - 2014-03-17 13:01 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 11:06 - 2007-03-10 09:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx
2014-03-16 23:55 - 2014-03-17 01:09 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:36 - 2004-08-09 02:11 - 731179008 _____ () C:\Users\Frida\Desktop\buffalo 66.avi
2014-03-16 12:01 - 2014-03-16 12:13 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-09 19:01 - 2014-03-10 19:44 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-03 21:11 - 2014-03-03 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-23 17:35 - 2014-03-03 12:38 - 00000000 ____D () C:\Users\Frida\Desktop\kud

==================== One Month Modified Files and Folders =======

2014-03-24 01:22 - 2014-03-21 17:00 - 00016204 _____ () C:\Users\Frida\Desktop\FRST.txt
2014-03-24 01:22 - 2014-03-21 14:04 - 00000616 _____ () C:\Windows\setupact.log
2014-03-24 01:21 - 2014-03-21 09:11 - 00000000 ____D () C:\FRST
2014-03-24 01:15 - 2014-03-24 01:15 - 00001177 _____ () C:\Users\Frida\Desktop\checkup.txt
2014-03-24 01:08 - 2013-10-05 10:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 01:08 - 2010-10-14 16:48 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 17:15 - 2014-03-23 17:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-23 17:13 - 2010-10-14 16:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 17:12 - 2014-03-23 17:12 - 00987442 _____ () C:\Users\Frida\Desktop\SecurityCheck.exe
2014-03-23 17:12 - 2011-05-18 19:27 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-23 17:10 - 2011-05-18 19:27 - 00003484 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-23 17:10 - 2011-05-18 19:27 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-23 17:10 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:10 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:08 - 2010-05-21 08:50 - 01060960 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 17:06 - 2014-03-23 17:05 - 02347384 _____ (ESET) C:\Users\Frida\Desktop\esetsmartinstaller_enu.exe
2014-03-23 16:58 - 2011-07-09 11:50 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Dropbox
2014-03-23 16:57 - 2011-07-09 11:56 - 00000000 ___RD () C:\Users\Frida\Dropbox
2014-03-22 10:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 10:31 - 2012-04-26 07:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 18:50 - 2014-03-21 18:50 - 01169371 _____ () C:\Users\Frida\Desktop\bookmarks.html
2014-03-21 18:08 - 2014-03-21 18:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 17:55 - 2014-03-21 17:54 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-21 17:55 - 2010-05-21 09:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-21 17:38 - 2014-03-21 17:38 - 25032080 _____ (Mozilla) C:\Users\Frida\Downloads\Firefox Setup 28.0.exe
2014-03-21 17:04 - 2014-03-21 17:03 - 00027197 _____ () C:\Users\Frida\Desktop\Addition.txt
2014-03-21 16:54 - 2014-03-21 16:54 - 00000770 _____ () C:\Users\Frida\Desktop\JRT.txt
2014-03-21 16:38 - 2014-03-21 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 16:30 - 2014-03-21 16:30 - 00007835 _____ () C:\Users\Frida\Desktop\AdwCleaner[S0].txt
2014-03-21 16:24 - 2014-03-21 16:19 - 00000000 ____D () C:\AdwCleaner
2014-03-21 16:18 - 2014-03-21 16:18 - 01037734 _____ (Thisisu) C:\Users\Frida\Desktop\JRT.exe
2014-03-21 16:16 - 2014-01-26 19:06 - 00000000 ____D () C:\Users\Frida\Desktop\Neuer Ordner
2014-03-21 15:10 - 2014-03-21 15:10 - 00327160 _____ () C:\Windows\PFRO.log
2014-03-21 14:44 - 2014-03-21 14:44 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 14:43 - 2014-03-21 14:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 14:24 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Activeris
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 10:19 - 2014-03-21 10:19 - 01950720 _____ () C:\Users\Frida\Desktop\adwcleaner.exe
2014-03-21 10:17 - 2014-03-21 10:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Frida\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 10:13 - 2014-03-21 10:13 - 00001275 _____ () C:\Users\Frida\Desktop\Revo Uninstaller.lnk
2014-03-21 10:13 - 2014-03-21 10:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 10:11 - 2014-03-21 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Frida\Desktop\revosetup95.exe
2014-03-21 09:08 - 2014-03-21 09:08 - 02157056 _____ (Farbar) C:\Users\Frida\Desktop\FRST64.exe
2014-03-21 09:08 - 2010-08-03 10:44 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D54DD03E-3945-4937-9347-752F8D557CFB}
2014-03-18 22:57 - 2014-03-18 22:57 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720396
2014-03-18 22:54 - 2014-03-18 22:54 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip
2014-03-18 22:53 - 2014-03-18 22:53 - 00017288 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720396.zip
2014-03-18 20:35 - 2010-08-03 22:57 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\vlc
2014-03-18 19:12 - 2014-03-18 19:12 - 00000000 ____D () C:\Users\Frida\Downloads\rectify-first-season_english-720395
2014-03-18 19:11 - 2014-03-18 19:11 - 00019220 _____ () C:\Users\Frida\Downloads\rectify-first-season_english-720395.zip
2014-03-18 18:59 - 2014-03-18 18:58 - 103403280 _____ (Microsoft Corporation) C:\Users\Frida\Downloads\msert.exe
2014-03-18 18:14 - 2014-03-18 18:14 - 00017218 _____ () C:\Users\Frida\Desktop\cc_20140318_181403.reg
2014-03-18 18:10 - 2010-08-23 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 15:08 - 2014-03-17 14:50 - 1062844809 _____ () C:\Users\Frida\Downloads\rectify.s01e03.720p.hdtv.x264-2hd.mkv
2014-03-17 13:01 - 2014-03-17 12:56 - 298367700 _____ () C:\Users\Frida\Downloads\rectify.s01e02.hdtv.x264-2hd.mp4
2014-03-17 11:16 - 2014-03-17 11:16 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreeOCR
2014-03-17 01:09 - 2014-03-16 23:55 - 1328038204 _____ () C:\Users\Frida\Downloads\rectify.s01e01.720p.hdtv.x264-2hd.mkv
2014-03-17 01:08 - 2010-12-06 19:54 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Skype
2014-03-16 19:36 - 2014-03-16 19:36 - 00037001 _____ () C:\Users\Frida\Downloads\buffalo-66_english-269976.zip
2014-03-16 19:17 - 2010-05-21 18:36 - 00753340 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 19:17 - 2010-05-21 18:36 - 00171160 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 19:17 - 2009-07-14 06:13 - 01758600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 18:35 - 2013-10-04 13:55 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-16 12:13 - 2014-03-16 12:01 - 1060245093 _____ () C:\Users\Frida\Downloads\arte-live berlin sophie hunger.mp4
2014-03-15 14:39 - 2013-04-01 19:49 - 00000000 ____D () C:\Users\Frida\Documents\Teaser Produktion
2014-03-12 19:26 - 2013-10-05 10:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:26 - 2012-06-11 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:26 - 2011-05-24 17:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 19:44 - 2014-03-09 19:01 - 01339392 _____ () C:\Users\Frida\Desktop\gastkommentra.indd
2014-03-10 12:03 - 2010-12-03 12:21 - 00000000 ____D () C:\Users\Frida\Documents\Schriften
2014-03-10 11:46 - 2014-02-10 11:17 - 00000000 ____D () C:\Users\Frida\Desktop\cs2
2014-03-10 10:59 - 2009-07-14 05:45 - 05100936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 17:08 - 2010-08-03 09:09 - 00128080 _____ () C:\Users\Frida\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 12:53 - 2014-03-07 12:53 - 00000000 ____D () C:\Program Files\One click FLAC to MP3 Converter
2014-03-05 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-03 21:14 - 2014-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-03 12:38 - 2014-02-23 17:35 - 00000000 ____D () C:\Users\Frida\Desktop\kud
2014-03-02 17:36 - 2014-03-02 17:36 - 00000000 ____D () C:\Users\Frida\AppData\Roaming\Remote Control Server
2014-03-02 17:31 - 2010-05-21 09:40 - 01736622 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 17:13 - 2014-03-02 17:13 - 05205504 _____ (Steppschuh) C:\Users\Frida\Downloads\RemoteControlServer.exe
2014-02-27 21:05 - 2011-05-18 19:27 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-26 21:47 - 2011-05-18 19:27 - 00004224 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-02-25 19:24 - 2011-02-17 13:38 - 00000000 ____D () C:\Users\Frida\Documents\Citavi 3
2014-02-24 18:11 - 2010-12-25 16:33 - 00000000 ____D () C:\Users\Frida\AppData\Local\FreePDF_XP
2014-02-24 11:21 - 2010-08-03 11:21 - 00000000 ____D () C:\Users\Frida\Documents\UNI
2014-02-23 13:08 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Frida\Documents\Projekt CANADA

Some content of TEMP:
====================
C:\Users\Frida\AppData\Local\Temp\avgnt.exe
C:\Users\Frida\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Frida\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 01:41

==================== End Of Log ============================
         


24.03.2014, 12:54   #6
schrauber
/// the machine
/// TB instructor



Update Flash Player.


Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
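
The file-extension tip in the Don'ts list above (deinFoto.jpg.exe), as an added example that is not part of the original post: a Python check that flags names where an executable extension hides behind a document-like one, without flagging installers whose version numbers contain dots. The extension lists and the function names are assumptions chosen for illustration.

```python
import ntpath

# Assumed, non-exhaustive lists: extensions Windows runs on double-click,
# and extensions a recipient expects to be a harmless document or picture.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "wsf", "hta", "msi"}
DECOY = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "xls", "xlsx",
         "txt", "rtf", "mp3", "mp4", "zip"}


def double_extension(name):
    """Return (decoy, real), e.g. ('jpg', 'exe'), when an executable extension
    hides behind a document-like one; return None otherwise."""
    base = ntpath.basename(name)   # accept a full Windows path or a bare name
    base = base.rstrip(". ")       # Windows drops trailing dots and spaces
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 3:             # need stem + decoy + real extension
        return None
    decoy, real = parts[-2], parts[-1]
    # Only the segment directly before the real extension is what the user
    # reads as the file type. Version segments such as "1300" in
    # "1.75.0.1300.exe" are not in DECOY, so installers are not flagged.
    if real in EXECUTABLE and decoy in DECOY:
        return (decoy, real)
    return None


# Constructed sample: the name from the post, two constructed variants, and
# ordinary file names copied from the FRST log earlier in the thread.
SAMPLES = [
    "deinFoto.jpg.exe",
    "Rechnung.PDF.SCR ",
    r"C:\Users\Frida\Downloads\Urlaub.jpg.exe",
    r"C:\Users\Frida\Desktop\mbam-setup-1.75.0.1300.exe",
    r"C:\Users\Frida\Downloads\Firefox Setup 28.0.exe",
    r"C:\Users\Frida\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe",
    r"C:\Users\Frida\Downloads\rectify-first-season_english-720396(1).zip",
]


def flagged(names):
    """Map each deceptive name to its (decoy, real) pair."""
    hits = {}
    for name in names:
        result = double_extension(name)
        if result:
            hits[name] = result
    return hits


if __name__ == "__main__":
    for name, (decoy, real) in flagged(SAMPLES).items():
        print(f"{name!r}: shown as .{decoy}, runs as .{real}")
```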

24.03.2014, 19:00   #7
Manu3l



I had already updated Flash Player as well when I saw that it was highlighted in red. ^^

Everything seems to be fine again. I updated the system and also removed a few old programs and so on. Thanks again for the support!

Best regards,
M.

25.03.2014, 12:32   #8
schrauber
/// the machine
/// TB instructor



You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
